The demand for cybersecurity professionals is outpacing supply, and that’s bad news for your small business.
The Global Information Security Workforce Study projects that the shortfall will hit 1.8 million by 2022. Think that’s scary? Cybersecurity Ventures came up with an even more dire prediction: The number of unfilled cybersecurity jobs will reach 3.5 million by 2021.
If you run a small business, you may think this doesn’t affect you. But, in fact, small businesses are more vulnerable than larger ones because cyber criminals consider small organizations easy pickings.
Your company might be a target
Cyber attacks are the fastest growing crime in the United States. Small businesses are especially vulnerable precisely because they don’t see themselves as targets. They aren’t Equifax, after all. But they are far less likely to have the resources dedicated to cybersecurity that a large corporation might. That’s why 14 million small businesses were attacked in 2017.
Not all criminals are after millions of dollars. A simple ransomware attack could yield an easy $5,000. That’s a nice payday for a solo criminal entrepreneur.
The 2017 State of SMB Cybersecurity report from the Ponemon Institute, released in September, reveals just how exposed small and medium-sized businesses are to cyber attacks—61% of respondents say they encountered such attacks, compared to 55% the previous year.
Overall, 43% of all cyber attacks target small businesses, according to Small Business Trends, but only 14% of small businesses rate their ability to mitigate cyber risks as “highly effective.”
Such a lack of preparation can be devastating, especially for smaller organizations—60% of small and medium-sized businesses shut down within 6 months of a breach, according to the National Cyber Security Alliance.
How prepared are you?
Consider the following questions:
- Do you have the resources to secure your environment?
- How long can you afford to be offline?
- Are you alert to the unexpected data security risks in your office right now?
- How are you monitoring phishing attacks? (Did you know that, according to Verizon, 95% of successful phishing attacks result in the installation of malware?)
- Have you been hacked? Are you sure? (According to a Ponemon Institute study, on average, it takes 191 days to detect a threat.)
There’s one more thing to keep in mind: Businesses in financial services, healthcare, and other regulated industries are subject to more stringent cybersecurity requirements. It doesn’t matter if you are never hacked—you must have certain precautions in place. Regulations vary by state, with some of the strictest in New York.
How to ensure security
You have three options: Remain vulnerable to attack; try to develop a robust, in-house cybersecurity department; or outsource to a trusted third party.
The first option, of course, is off the table.
The second can be difficult and costly. The massive workforce shortage means that even if you do find qualified cybersecurity talent, you’ll need to pay anywhere from $85,000-$100,000 per employee—and that’s just salary. In our experience, one dedicated employee won’t be enough, so double that number.
There are several other related costs, as well. Server and storage space will run about $5,000-$10,000 each. Software licensing fees, depending on the size of your organization, could top six figures.
That’s why many small companies turn to outside experts to provide managed detection and response.
Outsourcing relieves the burden
Outsourcing to a Managed Security Service Provider (MSSP) like Avalon Cyber can get you the same or a higher level of coverage and monitoring at a fraction of the cost of doing it yourself.
Each company has unique needs, but a ballpark figure is $30,000 annually, versus $250,000+ to keep it in house. That means you save on capital expenses—including upgrades—and on human resources costs. But it’s not just costs; it also comes down to expertise. The lack of available cybersecurity experts means that even if you spend the money to hire in-house staff, you may not be getting the expertise you need.
With an MSSP, you have a vetted team of security specialists available around the clock that will ensure all software updates and patches are applied. (Did you know that the 2017 WannaCry ransomware attack did so much damage because companies hadn’t applied a patch that had been available for 3 months?)
We can help
As an MSSP focused on small businesses, Avalon Cyber can work with you and your IT team to develop the cybersecurity program you need. With 24/7/365 monitoring, we can detect and respond to an attempted attack right away, preventing or greatly mitigating any damage. And we can keep you compliant with relevant rules and regulations.
Already experienced a breach? We’re here to help. We’ll assess how it happened, identify your vulnerabilities, and control the damage. We’ll then provide the customized cybersecurity solution you need to fend off future attacks.
Interested? Contact a cyber expert today.
Please note: This blog is a repost, but the included statistics and information are still relevant in the last quarter of 2019.